在python 连接mysql时,最近一直出现了

1064, 'You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near \'"58 convenience stores in Beijing Pilot selling class B over-the-counter drugs""\' at line 4'
这个异常信息,今早发现后就进行解决,尝试了多种方式,google提示用pymysql.escape_string函数对参数防止转义,最开始用的是{0} 这种占位符的方式,发现还是无法解决,后面还试了一种方式,在execute里面处理
sql_01 = '''
insert into cmstop_content(contentid,catid,modelid,title, tags,status,published,publishedby
,createdby,created,modifiedby,modified,sourceid,score)
values (null,%s,"1",%s,%s,'3',UNIX_TIMESTAMP(SYSDATE()),'28','28',UNIX_TIMESTAMP(SYSDATE()),'28',UNIX_TIMESTAMP(SYSDATE()),'21','0');

  在execute的时候进行参数传递,可以正常入库了

  cur.execute(sql_01, (pymysql.escape_string(info["flag"]), pymysql.escape_string(info["标题"]),  pymysql.escape_string(info["标签"])))

  以前都是将参数与sql处理好一起传入excute,没怎么用过在execute中传递参数,特意看了下execute的定义,args的类型可以是tuple,list,dict中的任何一种,如果参数类型不对,会出现如下提示:

execute() takes from 2 to 3 positional arguments but 5 were given

pymysql   1064, 'You have an error in your SQL syntax; check the manual that corresponds to-LMLPHP

05-11 21:53